Questions tagged [django-permissions]

I'm trying to add new migrations by following this tutorial
I added new permission inside Meta into permissions field. Then I created migration and tryed to modify this migration to update group permissions in place. But got DoesNotExist in RunPython operation.
from django.db import migrations
def a...

Hi i am having trouble with Django User object.
I have created a group named 'Admin' and this group have the following permission 'can_change_name','can_update_name'.
A user 'falcon' belong to group 'Admin' i did this by performing the following query
user.groups.add(Group.objects.get(name='Admin...

For my 'tutorial app', I created some specific permissions after creating an object. Only the object's author have to be able to update or delete it.
I'm a beginner and I'm here to learn, if my methods are ugly be tolerant.
Here my views.py
class CreateArticle(LoginRequiredMixin, generic.CreateView)...

I'm creating an instance of a User object. The creation itself is a standard User.objects.create_user call and that works ok - user is created. After that, I'm trying to add a few permissions to him or her:
for name in ('view_restaurant', 'change_restaurant', 'delete_restaurant',
'view_meal', 'add_m...

I have two models that have a relationship like so:
class ManuscriptItem(models.Model):
'''Represents a single manuscript's content'''
author = models.ForeignKey('accounts_api.UserProfile', on_delete=models.CASCADE)
title = models.CharField(max_length=255)
content = models.CharField(max_length=9999...

I need to restrict user access to filebrowser using permissions. For example, only users with permission 'can_upload_files' should be able to see Filebrowser in my custom dashboard.
Is this possible?
Thanks!

In my urlconf, i have:
url(r'^sssssh/(.*)', staff_only_app.site.root),
What I'd like to do is limiting any access to this application to superusers.
I tried this:
url(r'^sssssh/(.*)', user_passes_test(staff_only_app.site.root, lambda u: u.is_superuser)),
But it complains that decorate takes exactly...

I am working with django-rest-framework. The problem I am having is that the url is identical for both the POST and the GET methods but I want to have different permissions depending on which method is being called. Right now I'm using class based views and I can't figure out how to set different p...

Imagine these models:
User has many Buckets and each Bucket has many Items. User A only sees his own list of buckets and items in it. Now, I want to give user B permission to see user's A buckets but not items. Is this possible with Django built-in permission system or I need something like django-...

i've changed the app label doing this
class Model(models.Model):
pass
class Meta:
app_label = 'App Name'
db_table = 'app_table'
The table and application already existed, the problem is that when i go to the admin interface, only the superusers can view the app, and other users not, i tried to add p...

I'd like to be able to give some existing Users a custom permission which I will require for accessing a view.
I think I need to add the new permission to the Postgres table auth_permission, but I suspect there is a higher-level way to do this. Also there is a column in auth_permission for content_...

From the admin I see that you can allocate permissions to a user or a user group to :allow add, change or delete data from a model.
That is great, but I also need to allow a user or a user group to access or not a group of views. I have certain type of services on my web site so I want to allow som...

I'm a newbie in developing with Django + Django Rest-framework and I'm working on a project that provides REST Api access. I was wondering what is the best practice to assign a different permission to each action of a given ApiView or Viewset.
Let's suppose I defined some permissions classes such as...

I'm building app using django (for note that i'm very very new to django). I want to add redirection from this existing view.
Object inside the view:
from core.views import generic
class ListViewPublic(generic.ListView):
pass
class BookListView(ListViewPublic):
model = Book
def get_queryset(self):
f...

I'm working on a product that allows different schools to administer their content online.
Part of this involves setting up a role based access control logic which I've written myself. Essentially, each school has its own set of roles that have their own set of permissions. A user of the software c...

I am building a simple app using User Authentication.
My app has 3 models:
Users : The standard Django user model
Locations: A model for an office (address, site name, etc)
Employees: A model for an employee (name, email, etc)
I also have a series of views that allow a user to login, create, and ed...

I need to do some debugging, because the permissions for one of my models are created wrongly. So I tried to find the piece of code where Django creates the permissions upon syncdb and writes them in the database, but I haven't been successful at all; maybe I just overlooked the right lines of code,...

Django and programming noob here. I've made an application I'd like to deploy, but I need to figure out how to limit access to the UpdateView to the creator of that object, and I'm stumped.
Currently a user can use the CreateView .../universities/create/ to create a university object, but then any u...

I am starting an app that has a complex permission structure that will inevitably be managed by the users themselves. I have the following permissions in the model:
class Meta:
permissions = (
('can_view', 'View project'),
('manage_view', 'Can assign View project'),
('can_edit', 'Edit project'),
('m...

In a Django 1.8 project, I have a migration that worked fine, when it had the following code:
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
def update_site_forward(apps, schema_editor):
'''Add group osmaxx.'''
Group...

I have a group EuropartsBuyer and model named Product.
The following code adds a permission to the Product model.
class Meta:
permissions = (
('can_add_cost_price', 'Can add cost price'),
)
In one of my views I have the following code to add this permission to that group.
europarts_buyer, created =...

I am using the sites framework to run multiple apps off of one code base. I have 3 users, and 3 sites. They can login to the django admin interface and create content but I want them to see only the site they are allowed to manage, not the others, can the sites framework handle this? if not can anyo...

I am looking for the best way to implement user permissions to allow users to edit specific model instances.
For instance, I have such two models:
model RadioChannel(models.Model):
name = models.CharField(max_length=150, unique= True)
number = models.IntegerField( unique= True)
model ProgramSchedule...

I have a model class Department with a field name. I have another Model Student with a foreign key to Department. I want to control access to Student objects based on department. That is, a user with permission to edit the department with name 'CS' can only edit that fields. How this can be achieved...

I was trying to create a custom permission in a migration, however after running migrate, the permission was not created in the permission table. Could someone point out what the error was?
Also I am not sure what I should use as the related model for ContentType as the permission is used for restr...

I've finally decided to make some tests for my apps but I'm stuck on testing if a user can change another user (depends on the type of the user -- I use django-rules to be able to do logical permission checks, but this is not important)
Here's the code I have so far
class RulesAndPermissionsTests(Te...

I've recently started using django to administer a large existing application that was grown organically over the years using twisted.web. I started experimenting with django and it's automatic admin interface and I've been very pleased with the results.
One thing that seems to be missing for my pu...

I need to implement user rights for user groups (pretty similar to facebook groups). For example, each group can have members with rights like: can_post, can_delete, can_ban, etc. Of course, one user can be a member of many groups and group can have many different users with different rights.
What m...

Django permissions are great if you need to let someone access the admin and restrict what they can do.
But what if I want to use a similar functionality in the frontend of an application?
Example:
model Group has its own Members, a member can have three different access levels:
member
admin
super-a...

How do you ensure that a User can only edit objects they've created? What's the best way to set this up?
I'm using django-rest-framework and wondering if there's a way I can restrict users from viewing/ editing objects they don't 'own'.
class Video(models.Model):
owner = models.ForeignKey(User)
......

I want to define some custom permissions on an abstract model class that would then be inherited by all child classes, and rather than give the permissions a generic object name that could apply to any subclassed model type, I would like to essentially use the verbose_name_plural property of the chi...

I've found 3 row-level permission solutions for Django 1.2+
django-object-permissions
django-guardian
django-authority
Could someone tell if there is any recommended more than the others, what are their main differences, etc.?

I got this view and I'm using PermissionRequiredMixin on it...it works fine but when I redirect to login template (set in settings LOGIN_URL) I need it shows a message there like 'You don't have permission to do this'. Any idea how to do it without creating a custom decorator, just using PermissionR...

In my Django application, I have certain permissions which users need in order to access certain views (using django.contrib.auth). This works fine, using the @permission_required decorator on my view functions.
However, some of my URLs resolve to views which I did not write, such as the built-in d...

Is there any possibility to change permissions list in user edit page? I don't wan't to show all of permissions for example admin log entry or auth group etc.
How can I modify a main queryset to exclude some of it?

I've built an application that I want to move from my development server to my production server. In this application I have defined 3 custom groups in auth.group and each of those have specific permissions.
I've tried to dump the data from auth.group - it seems to include permissions ids as well....